scripting pap off to eapol_test?
Alan DeKok
aland at deployingradius.com
Thu Aug 6 14:02:46 CEST 2020
On Aug 6, 2020, at 5:17 AM, Jonathan <huffelduffel at gmail.com> wrote:
>
> I'm thinking of passing received PAP username and password on a realm/proxy
> basis to eapol_test to transform a PAP request into a proxied EAP request
> for further authentication upstream towards a 3rd party radius which only
> accepts secured EAP-PEAP:mschapv2 requests.
>
> If this would be possible, what would be the easiest way to do this from
> within a proxy config?
Just execute a program. It will likely have to be a shell script wrapper which creates a configuration file in /tmp, and then passes that to eapol_test.
It will "work" for various definitions of "work". If things are OK, users will be authenticated. But if the back-end server goes down, no RADIUS fail-over will happen. Instead, the script will wait, and will block FreeRADIUS.
People should just allow PAP.
Alan DeKok.
More information about the Freeradius-Users
mailing list